2973 matches found
CVE-2023-33305
Fortinet CVE-2023-33305 describes an infinite-loop condition that enables a DoS via crafted HTTP requests. Affected products across FortiOS and FortiProxy include FortiOS 7.2.0–7.2.4, 7.0.0–7.0.10, 6.4.x, 6.2.x, 6.0.x; FortiProxy 7.2.0–7.2.3, 7.0.0–7.0.9, 2.0, 1.2, 1.1, 1.0; FortiWeb 7.2.0–7.2.1,...
CVE-2023-29178
An access of uninitialized pointer vulnerability CWE-824 in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests...
CVE-2023-29175
An improper certificate validation vulnerability CWE-295 in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a...
CVE-2023-29178
CVE-2023-29178 affects Fortinet FortiProxy (and FortiOS) with an uninitialized pointer vulnerability (CWE-824) that allows an authenticated attacker to repeatedly crash the httpsd process via crafted HTTP/HTTPS requests. Affected versions include FortiProxy 7.2.0–7.2.3 and FortiOS 7.2.0–7.2.4 and ...
CVE-2023-29175
CVE-2023-29175 describes an improper certificate validation vulnerability (CWE-295) in FortiOS and FortiProxy that could enable remote, unauthenticated attackers to perform a Man-in-the-Middle attack on the link between affected devices and FortiGuard’s map server. Affected products/versions incl...
CVE-2023-27997
CVE-2023-27997 is a heap-based buffer overflow in Fortinet FortiOS SSL‑VPN (and FortiProxy) that allows remote code execution via specially crafted requests. Affected families include FortiOS: 7.2.x <=7.2.4, 7.0.x <=7.0.11, 6.4.x <=6.4.12, 6.0.x <=6.0.16; FortiProxy: 7.2.x <=7.2.3,...
CVE-2023-27997
A heap-based buffer overflow vulnerability CWE-122 in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all...
CVE-2023-26207
CVE-2023-26207 recap (Fortinet): A vulnerability in Fortinet FortiOS (7.2.0–7.2.4) and FortiProxy (7.0.0–7.0.10) allows an attacker to insert sensitive information into log files, enabling reading of certain passwords in plaintext. The problem is tied to logging behavior rather than remote e...
CVE-2023-26207
An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10, 7.2.0 through 7.2.1 allows an attacker to read certain passwords in plain text...
CVE-2023-22639
An out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all...
CVE-2023-22639
CVE-2023-22639 is an out-of-bounds write vulnerability affecting Fortinet FortiOS and FortiProxy. The issue allows an attacker to escalate privileges via specially crafted CLI/commands. Affected products/versions include FortiOS: 7.2.0–7.2.3, 7.0.0–7.0.10, 6.4.0–6.4.12, 6.2.x, 6.0.x; FortiProxy: ...
CVE-2022-43953
A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows an attacker to execute unauthorized code o...
CVE-2022-43953
CVE-2022-43953 (Fortinet FortiOS/FortiProxy) is a format-string vulnerability (CWE-134) that affects FortiOS 7.2.0–7.2.4, all 7.0 and 6.4/6.2, and FortiProxy 7.2.0–7.2.1 and 7.0.0–7.0.7. The underlying issue is an externally-controlled format string that can allow an attacker to execute arbitrar...
CVE-2022-42474
A relative path traversal vulnerability CWE-23 in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows a privileged...